<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<% request.setCharacterEncoding("UTF-8"); %>
<%@ page import="java.sql.*" %>
<%@ page import="javax.servlet.http.Cookie" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%
    // Login check: the caller's identity is read from the "logonusername" cookie.
    // NOTE(security): this cookie is sent by the browser and is the only proof of
    // identity used on this page, so a client can present any user name it likes.
    // Making this trustworthy needs a server-side session value set at login; what
    // logon.jsp stores is not visible from this file.
    String logonusername = null;
    Cookie[] cookies = request.getCookies();
    for (int i = 0; cookies != null && i < cookies.length; i++) {
        if ("logonusername".equals(cookies[i].getName())) {
            logonusername = cookies[i].getValue();
            break;
        }
    }
    // Exposed as a request attribute for the rest of the page.
    request.setAttribute("logonusername", logonusername);

    // No cookie: show a notice and send the browser to the login page.
    if (logonusername == null) {
        out.println("<script>alert('管理请先登录！');window.location.href='logon.jsp';</script>");
        return;
    }

    // Search text from the query string; a missing parameter becomes the empty string.
    String sobook = request.getParameter("sobook");
    if (sobook == null) {
        sobook = "";
    }
    request.setAttribute("sobook", sobook);
%>
<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8" />
	<link rel="stylesheet" href="style/css/index.css" />
	<link rel="stylesheet" href="style/css/admin.css" />
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>图书管理 - 管理</title>
</head>
<body>
<div id="app">
	<div class="top">
		<div class="title">
			<h1>图书管理 - 管理</h1>
		</div>
		<div class="menu">
			<a href="index.jsp">首页</a>
			<a href="adds.jsp">添加</a>
			<a href="my.jsp">关于</a>
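		<%-- The user name comes from a browser-supplied cookie, so it is HTML-escaped
		     with c:out instead of being concatenated into the markup. --%>
		<a><c:out value="<%= logonusername %>"/></a><a href="api/_exit.jsp">退出登录</a>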
		</div>
	</div>
	<div class="so">
        <form action="admin.jsp" method="get" accept-charset="UTF-8">
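        <%-- sobook is request input echoed back into the form; c:out HTML-escapes it
             (including quotes) so it cannot break out of the value attribute. --%>
        <input type="text" name="sobook" placeholder="请输入书名搜索...（删除请搜索书名）" value="<c:out value="<%= sobook %>"/>"/>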
            <button type="submit">搜索</button>
            <input type="hidden" name="so" value="搜索" />
        </form>
    </div>
	<div class="main-div">
		<div class="main">
			<div class="book-list">
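			<%
                    // Admin listing: confirm the caller has admin rights, then render up to 30
                    // books whose name contains the search text, each as an editable form.
                    //
                    // NOTE(security): logonusername comes from a browser-supplied cookie, so the
                    // permission query below only shows that the named account has state = 5,
                    // not that the requester owns that account. Identity should be bound to the
                    // server-side session before this check is relied on.
                    Connection conn = null;
                    PreparedStatement stmt = null;
                    ResultSet rs = null;
                    ResultSet ros = null;
                    try {
                        Class.forName("com.mysql.cj.jdbc.Driver");
                        // NOTE(security): the database URL, user and password are hard-coded in
                        // the page; a container-managed DataSource or external configuration
                        // keeps them out of the web root and out of version control.
                        conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/books", "books", "books");

                        // Permission check: the user must have a row with state = 5
                        // (presumably the administrator level; confirm against the users table).
                        String sqls = "SELECT state FROM users WHERE username = ? and state = 5";
                        stmt = conn.prepareStatement(sqls);
                        stmt.setString(1, logonusername);
                        ros = stmt.executeQuery();
                        if (!ros.next()) {
                            out.println("<script>alert('抱歉！您没有管理的权限！');window.location.href='index.jsp';</script>");
                            return; // the finally block still releases the JDBC resources
                        }
                        // Release the permission query before stmt is reused, otherwise the
                        // first statement and its result set are never closed.
                        ros.close();
                        stmt.close();

                        // The user name is placed inside a URL in the delete button below, so it
                        // is URL-encoded once here; the encoded form contains no quotes or markup.
                        String deleteUser = java.net.URLEncoder.encode(logonusername, "UTF-8");

                        // Book list: parameterized LIKE search, newest first, capped at 30 rows.
                        String sql = "SELECT * FROM book WHERE bookname LIKE CONCAT('%', ?, '%') ORDER BY bid DESC LIMIT 30";
                        stmt = conn.prepareStatement(sql);
                        stmt.setString(1, sobook);
                        rs = stmt.executeQuery();
                        while (rs.next()) {
                            int bid = rs.getInt("bid");
                            String bookname = rs.getString("bookname");
                            String author = rs.getString("author");
                            // Read msg once and tolerate a NULL column, which previously threw on length().
                            // NOTE(review): the 60-character preview is what the edit form submits, so
                            // saving an unchanged row presumably overwrites a longer description;
                            // confirm against api/_edit.jsp.
                            String msg = rs.getString("msg");
                            if (msg == null) {
                                msg = "";
                            } else if (msg.length() > 60) {
                                msg = msg.substring(0, 60) + "...";
                            }
                            String booknum = rs.getString("booknum");
                %>
                <%-- Database values are HTML-escaped with c:out so stored markup cannot run in the admin's browser. --%>
                <div class="book-item">
					<form action="api/_edit.jsp" accept-charset="UTF-8" method="post">
                    <h2>《<input type="text" name="bookname" value="<c:out value="<%= bookname %>"/>" placeholder="书名"/>》</h2>
                    <p>作者: <input type="text" name="author" value="<c:out value="<%= author %>"/>" placeholder="作者名"/></p>
                    <p>数量：<input type="number" name="booknum" value="<c:out value="<%= booknum %>"/>" placeholder="数量"/></p>
                	<p>简介: <textarea name="msg" placeholder="简介"><c:out value="<%= msg %>"/></textarea></p>
					<input type="hidden" name="bid" value="<%= bid %>"/>
					<input type="submit" value="更改" />
                    </form>
                    <%
                            // The delete button is shown only when a search term was entered.
                            // isEmpty() replaces a reference comparison with "", which was true
                            // for an empty but present sobook parameter.
                            // NOTE(security): deletion is a GET link whose admin= and u= values are
                            // client-controlled; api/_def.jsp must re-check authorization on the
                            // server, and both this link and the edit form carry no CSRF token.
                            if (!sobook.isEmpty()) {
                                out.println("<button onclick=\"window.location.href='api/_def.jsp?admin=5&u=" + deleteUser + "&bid=" + bid + "'\">删除</button>");
                            }
                    %>
                </div>
                <%
                        }
                    } catch (Exception e) {
                        // Record the failure in the servlet context log; no exception detail is
                        // sent to the client and the page renders without any rows.
                        application.log("Book administration page: failed to load the book list", e);
                    } finally {
                        try { if (rs != null) rs.close(); } catch (SQLException e) { /* ignored */ }
                        try { if (ros != null) ros.close(); } catch (SQLException e) { /* ignored */ }
                        try { if (stmt != null) stmt.close(); } catch (SQLException e) { /* ignored */ }
                        try { if (conn != null) conn.close(); } catch (SQLException e) { /* ignored */ }
                    }
                %>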
			</div>
		</div>
	</div>
 <%@ include file="bottom.jsp" %>